-
rsync (3.1.2-2.1ubuntu1.6) bionic-security; urgency=medium
* SECURITY UPDATE: arbitrary file write via malicious remote servers
- d/p/z-CVE-2022-29154-{1,2}.diff: backported patches to fix the issue.
- d/p/z-CVE-2022-29154-3.diff: added additional patch to fix
regression.
- CVE-2022-29154
-- Marc Deslauriers <email address hidden> Tue, 28 Feb 2023 08:04:02 -0500
-
rsync (3.1.2-2.1ubuntu1.5) bionic-security; urgency=medium
* SECURITY UPDATE: zlib buffer overflow when inflating certain gzip
headers.
- debian/patches/CVE-2022-37434-1.patch: catches overflow in
inflateGetHeader by enforcing buffer size.
- debian/patches/CVE-2022-37434-2.patch: prevents NULL dereference
regression previous patch introduced.
- CVE-2022-37434
-- Mark Esler <email address hidden> Tue, 16 Aug 2022 13:38:38 -0500
-
rsync (3.1.2-2.1ubuntu1.4) bionic-security; urgency=medium
* SECURITY UPDATE: memory corruption when zlib deflating
- debian/patches/CVE-2018-25032-1.patch: fix a bug that can crash
deflate on some input when using Z_FIXED in zlib/deflate.c,
zlib/deflate.h.
- debian/patches/CVE-2018-25032-2.patch: assure that the number of bits
for deflatePrime() is valid in zlib/deflate.c.
- CVE-2018-25032
-- Marc Deslauriers <email address hidden> Wed, 30 Mar 2022 12:16:36 -0400
-
rsync (3.1.2-2.1ubuntu1.3) bionic; urgency=medium
* d/p/avoid-deadlock-huge-amounts-verbose-messages.patch:
Allow the receiver to increase their iobuf.msg xbuf if it fills
up. This ensures that the receiver will never block trying to
output a message, and thus it will always drain the data from
the sender and keep the whole thing from clogging up. Thanks to
Wayne Davison <email address hidden>. (LP: #1528921)
-- Miriam España Acebal <email address hidden> Tue, 08 Feb 2022 13:26:20 +0100
-
rsync (3.1.2-2.1ubuntu1.2) bionic; urgency=medium
* d/p/allow-missing-parent-dir-delete-missing-args.patch:
Fix error caused by files being deleted having a missing parent
directory. Thanks to Wayne Davison <email address hidden>.
(LP: #1896251)
-- Lena Voytek <email address hidden> Thu, 28 Oct 2021 09:38:50 -0700
-
rsync (3.1.2-2.1ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: improper pointer arithmetic might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9840.patch: remove offset pointer optimization
in inftrees.c.
- CVE-2016-9840
* SECURITY UPDATE: improper pointer arithmetic might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9841.patch: use post-increment only in inffast.c.
- CVE-2016-9841
* SECURITY UPDATE: vectors involving left shifts of negative integers might
allow context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9842_1.patch: avoid shifts of negative values in
inflateMark().
- debian/patches/CVE-2016-9842_2.patch: avoid casting an out-of-range
value to long.
- CVE-2016-9842
* SECURITY UPDATE: vectors involving big-endian CRC calculation might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9843.patch: avoid pre-decrement of pointer in
big-endian CRC calculation.
- CVE-2016-9843
-- Avital Ostromich <email address hidden> Tue, 18 Feb 2020 16:03:13 -0500
-
rsync (3.1.2-2.1ubuntu1) bionic; urgency=medium
* SECURITY UPDATE: Allows remote attacker to bypass argument
- debian/patches/CVE-2018-5764.patch: Ignore --protect-args
when already sent by client in options.c.
- CVE-2018-5764
-- <email address hidden> (Leonidas S. Barbosa) Thu, 18 Jan 2018 18:09:34 -0300
-
rsync (3.1.2-2.1) unstable; urgency=medium
* Non-maintainer upload.
* Enforce trailing \0 when receiving xattr name values (CVE-2017-16548)
(Closes: #880954)
* Check fname in recv_files sooner (CVE-2017-17433) (Closes: #883667)
* Sanitize xname in read_ndx_and_attrs (CVE-2017-17434) (Closes: #883665)
* Check daemon filter against fnamecmp in recv_files() (CVE-2017-17434)
(Closes: #883665)
-- Salvatore Bonaccorso <email address hidden> Wed, 13 Dec 2017 07:34:49 +0100
-
rsync (3.1.2-2) unstable; urgency=medium
* Added patch from upstream git to resolve temporary lines in --progress
output not being cleared.
closes:#749165
* Added patch from upstream git to speed up handling of xattrs.
closes:#799143
-- Paul Slootman <email address hidden> Fri, 17 Mar 2017 15:02:00 +0100